Lucene search

[email protected]CVE-2016-7091

HistoryDec 22, 2016 - 9:59 p.m.

CVE-2016-7091

2016-12-2221:59:00

CWE-200

[email protected]

web.nvd.nist.gov

107

cve-2016-7091

sudo

red hat enterprise linux

linux

information disclosure

vulnerability

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.1 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

CPENameOperatorVersion
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq7.0
redhat:enterprise_linuxredhat enterprise linuxeq*

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	7.0
redhat:enterprise_linux	redhat enterprise linux	eq	*